The Wayback Machine - https://web.archive.org/web/20201209040916/https://github.com/advisories
Skip to content

GitHub Advisory Database

3,009 advisories

Remote Code Execution (RCE) Exploit on Cross Site Scripting (XSS) Vulnerability
CVE-2020-26249 (High severity) was published Dec 8, 2020 red-dashboard (pip)
Disabled Hostname Verification in OpenCast
CVE-2020-26234 (High severity) was published Dec 8, 2020 org.opencastproject:opencast-kernel (Maven)
Denial of service in fast-csv
CVE-2020-26256 (Low severity) was published Dec 8, 2020 @fast-csv/parse (npm)
PHP Phar archives could be uploaded by Panel users as content files and executed in Kirby
CVE-2020-26255 (Low severity) was published Dec 8, 2020 getkirby/cms (Composer)
omniauth-apple allows attacker to fake their email address during authentication
CVE-2020-26254 (Low severity) was published Dec 8, 2020 omniauth-apple (RubyGems)
Cross-Site Scripting bypass in html-purify
GHSA-5p28-63mc-cgr9 (High severity) was published Dec 4, 2020 html-purify (npm)
ReDOS vulnerabities: multiple grammars
GHSA-7wwv-vh3v-89cq (Moderate severity) was published Dec 4, 2020 @highlightjs/cdn-assets (npm)
Multiple cryptographic issues in Python oic
CVE-2020-26244 (Moderate severity) was published Dec 4, 2020 oic (pip)
Inappropriate implementation in V8
CVE-2020-16009 (High severity) was published Dec 2, 2020 CefSharp.Common (NuGet)
XXE in petl
GHSA-f5gc-p5m3-v347 (Low severity) was published Dec 2, 2020 petl (pip)
Buffer not correctly recycled in Gzip Request inflation
CVE-2020-27218 (Moderate severity) was published Dec 2, 2020 org.eclipse.jetty:jetty-server (Maven)
UNEDITABLE_SCHEMAS and UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES not respected by frontend service backend
GHSA-47qg-q58v-7vrp (Low severity) was published Dec 2, 2020 amundsen-frontend (pip)
Base class whitelist configuration ignored in OAuthenticator
CVE-2020-26250 (High severity) was published Dec 1, 2020 oauthenticator (pip)
Inappropriate implementation in V8 in CefSharp
CVE-2020-16013 (High severity) was published Nov 27, 2020 CefSharp.Common (NuGet)
Use after free in CefSharp
CVE-2020-16017 (High severity) was published Nov 27, 2020 CefSharp.Common (NuGet)
Prototype Pollution in systeminformation
CVE-2020-26245 (Moderate severity) was published Nov 27, 2020 systeminformation (npm)
Memory leak in Nanopb
CVE-2020-26243 (Moderate severity) was published Nov 25, 2020 nanopb (pip)
Template injection in cron-utils
CVE-2020-26238 (Critical severity) was published Nov 24, 2020 com.cronutils:cron-utils (Maven)
Prototype Pollution in highlight.js
CVE-2020-26237 (Low severity) was published Nov 24, 2020 highlight.js (npm)
Denial of service attack due to invalid JSON
CVE-2020-26890 (High severity) was published Nov 24, 2020 matrix-synapse (pip)
datasette-graphql leaks details of the schema of private database files
GHSA-74hv-qjjq-h7g5 (Low severity) was published Nov 24, 2020 datasette-graphql (pip)
Implementation trusts the "me" field returned by the authorization server without verifying it
GHSA-mjcr-rqjg-rhg3 (Critical severity) was published Nov 24, 2020 datasette-indieauth (pip)
Open redirect in Jupyter Server
CVE-2020-26232 (Moderate severity) was published Nov 24, 2020 jupyter-server (pip)
XML External Entity in Dashboard Widget
CVE-2020-26229 (Low severity) was published Nov 23, 2020 typo3/cms-core (Composer)
Cleartext storage of session identifier
CVE-2020-26228 (High severity) was published Nov 23, 2020 typo3/cms-core (Composer)
ProTip! Advisories are also available from the GraphQL API.
You can’t perform that action at this time.